Autonomous agent systems are increasingly deployed where consequential actions (API calls, data access, transactions) matter for safety, privacy, and compliance. Much of the prevailing stack is observational or advisory: prompts, filters, checkpoints, and logs that do not always sit on the causal path to side effects. This paper connects Nancy Leveson’s STAMP/STPA tradition—safety as control of a controlled process, with feedback and an explicit process model—to Agent Responsibility Engineering (ARE)—a discipline with public orientation at srex-dev/AgentResponsibilityEngineering, evaluated in this preprint against a privately held reference implementation (this manuscript describes control structure and safety case, not a turnkey public product drop). We present a bounded STAMP/STPA closure safety case at a defined execution boundary, not a proof of “safe AI” in the large. Closure means: every hazard in scope in the working STPA package is mitigated, accepted with documented residual risk, or assumption-bounded, as recorded in STPARESOLUTION.md (the same file appears in the public mirror under research/stpa/ and in a private monolith clone under research/stpa/). The case is supported by traceability (losses, hazards, unsafe control actions, constraints), component tests (Rust and Go services on the golden path), an interposition audit, and a frozen reviewer evidence bundle (commit-attested). A TLA+ specification skeleton states ordering obligations; it is not a machine-checked proof. We do not claim universal fail-closed behavior in every subsystem, production validation in a named sector, or bidirectional formal proof of every narrative mapping in the broader ARE research program.
We do claim: (1) a STAMP-aligned control reading of the governed path; (2) causal interposition (policy coprocessor → pre-execution validation → receipt binding → executor); (3) fail-closed semantics for a permit verdict when the immutable Ledger write fails at the coprocessor (a permit cannot leave without durable evidence—Deny with documented reason); (4) explicit residual risk and out-of-scope surfaces (deployment routing, strata composition, distributed lag, human escalation).
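The following is an added illustration of claims (2) and (3), not code from the paper or from the ARE reference implementation: a minimal Go model of the governed path in which a policy coprocessor issues a verdict, a permit is bound to a ledger entry by a receipt, a pre-execution validator checks that binding, and the executor acts only after validation. The action shape, the allow-list policy, the in-memory and always-failing ledgers, and the hash-based receipt are all constructed assumptions chosen to show the fail-closed rule: when the ledger write fails, the coprocessor returns Deny with the reason recorded, and a permit that does not reference a real ledger entry is rejected before any side effect.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Action is a constructed stand-in for a side-effecting request (hypothetical shape).
type Action struct {
	Kind   string // e.g. "read", "transfer"
	Target string
}

// Verdict is the coprocessor's answer. A Permit must carry a receipt bound to a ledger entry.
type Verdict struct {
	Permit    bool
	Reason    string
	LedgerID  string
	ReceiptID string
}

// Ledger is the append-only evidence store; Append returns a durable entry id or an error.
type Ledger interface {
	Append(record string) (string, error)
	Lookup(id string) (string, bool)
}

// MemoryLedger is a constructed in-process ledger for the happy path.
type MemoryLedger struct{ entries map[string]string }

func NewMemoryLedger() *MemoryLedger { return &MemoryLedger{entries: map[string]string{}} }

func (m *MemoryLedger) Append(record string) (string, error) {
	id := fmt.Sprintf("L%04d", len(m.entries)+1)
	m.entries[id] = record
	return id, nil
}

func (m *MemoryLedger) Lookup(id string) (string, bool) { r, ok := m.entries[id]; return r, ok }

// FailingLedger simulates the outage case the paper's claim (3) covers: every write fails.
type FailingLedger struct{}

func (FailingLedger) Append(string) (string, error) { return "", errors.New("ledger unavailable") }
func (FailingLedger) Lookup(string) (string, bool)  { return "", false }

func actionRecord(a Action) string { return a.Kind + ":" + a.Target }

// receiptFor binds the action to one specific ledger entry: sha256(record || "|" || ledgerID).
func receiptFor(a Action, ledgerID string) string {
	h := sha256.Sum256([]byte(actionRecord(a) + "|" + ledgerID))
	return hex.EncodeToString(h[:])
}

// Decide is the policy coprocessor. The policy here is a constructed allow-list of action kinds.
func Decide(a Action, l Ledger, allowed map[string]bool) Verdict {
	if !allowed[a.Kind] {
		return Verdict{Permit: false, Reason: "policy: kind not allowed: " + a.Kind}
	}
	id, err := l.Append("permit " + actionRecord(a))
	if err != nil {
		// Fail closed: a permit without durable evidence never leaves the coprocessor.
		return Verdict{Permit: false, Reason: "ledger write failed: " + err.Error()}
	}
	return Verdict{Permit: true, Reason: "policy: allowed", LedgerID: id, ReceiptID: receiptFor(a, id)}
}

// Validate is the pre-execution check: the receipt must match an existing ledger entry for this action.
func Validate(a Action, v Verdict, l Ledger) error {
	if !v.Permit {
		return errors.New("denied: " + v.Reason)
	}
	rec, ok := l.Lookup(v.LedgerID)
	if !ok || rec != "permit "+actionRecord(a) {
		return errors.New("receipt does not reference a ledger entry for this action")
	}
	if v.ReceiptID != receiptFor(a, v.LedgerID) {
		return errors.New("receipt binding mismatch")
	}
	return nil
}

// Execute is the executor: it performs the side effect only after Validate passes.
// It returns whether the action ran and the reason recorded either way.
func Execute(a Action, v Verdict, l Ledger) (bool, string) {
	if err := Validate(a, v, l); err != nil {
		return false, err.Error()
	}
	return true, "executed " + actionRecord(a)
}

func main() {
	allowed := map[string]bool{"read": true}
	a := Action{Kind: "read", Target: "doc-1"}
	for _, l := range []Ledger{NewMemoryLedger(), FailingLedger{}} {
		v := Decide(a, l, allowed)
		ran, why := Execute(a, v, l)
		fmt.Printf("%T: permit=%v ran=%v (%s)\n", l, v.Permit, ran, why)
	}
}
```

The point the model makes concrete is that the deny path is the default: the executor never consults the policy itself, only the receipt and the ledger, so a verdict that skipped the ledger write (outage or forgery) has nothing for the validator to confirm and the side effect does not happen.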
Jonathan Kershaw